Jolokia 1.2 to 1.6.1 Vulnerability: Remote Code Execution via System-Wide CSRF

Jolokia 1.2 to 1.6.1 Vulnerability: Remote Code Execution via System-Wide CSRF

CVE-2018-10899 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.

Learn more about our Web Application Penetration Testing UK.